Shibboleth as Attribute Delivery for Authorization
Renee Shuey, Penn State University, June 27, 2006

Outline
‣ PSU and ITS
‣ What Identity Management looks like at Penn State
‣ External attribute distribution
‣ Considerations when releasing attributes
‣ Wrap-up

A little bit about Penn State and ITS…

Penn State

‣ Established 1855, PA’s Land Grant
‣ 24 campus locations
‣ 80K students, 10K faculty, 10K staff
‣ $640M annual research expenditure

Information Technology Services at Penn State

Components of IdM at Penn State
‣ Kerberos, DCE, Active Directory
‣ LDAP (eduPerson)
‣ Cosign (WebAccess is local branding)
‣ Shibboleth
‣ Member of InCommon
‣ “Access Account” - branding for Penn State identity (authn only available too), ~120K
‣ “Short Term Access Accounts” (authn only available too)
‣ “Friends of Penn State” - branding for external identity, ~450K

Example of Access Account Uses
‣ WebMail
‣ eLion
‣ Filespace
‣ Employee Benefits
‣ Personal webspace
‣ LIAS (Library Resources)
‣ ANGEL (Course Management)
‣ Penn State Portal
‣ Time cards
‣ e-Portfolio
‣ General Stores – shopping online
‣ Parking permit applications
‣ Res Hall applications, network connections
‣ Travel services
‣ Office of Physical Plant – Customer Info Center
‣ Id+ Online
‣ WebForum
‣ Student Computer Labs
‣ Wireless authn
‣ VPN
‣ etc.

Examples of Short Term Access Account Uses
‣ Temporary access to a computer lab
‣ Temporary access to wireless
‣ Helps solve the summer camp problem
‣ Continuing Education (big deal at non-UP campuses)

Examples of “Friends of Penn State” Uses
‣ ANGEL (Course Mgt)
‣ Undergraduate Admissions
‣ World Campus
‣ Registrar
‣ Office of Human Resources
‣ Outreach
‣ Bursar
‣ Counselor Training Program

Examples of Shib Uses
‣ WebAssign
‣ Napster
‣ ANGEL
‣ Office of Student Aid (coming soon)
‣ Symplicity (coming soon)
‣ Worldwide University Network
‣ turnitin.com (coming soon)
‣ Lionshare
‣ Thomson Publishing (coming soon)

What attributes do we share with which service providers?

Example 1 - WebAssign
‣ Attributes Released:
  ‣ eduPersonPrincipalName (EPPN)
  ‣ Physics course
  ‣ Common name
  ‣ Surname
  ‣ Given name

Example 2 - Turnitin
‣ Attributes Released:
  ‣ eduPersonPrincipalName
  ‣ eduPersonPrimaryAffiliation
  ‣ Given Name
  ‣ Surname

Example 3 – PHEAA (Pennsylvania Higher Education Assistance Agency)
‣ Attributes Released:
  ‣ eduPersonScopedAffiliation
  ‣ eduPersonAffiliation
  ‣ Given Name
  ‣ Surname
  ‣ Date of Birth
  ‣ Social Security Number

So… how did we decide what attributes can be released to an external service provider?

Using Example 1 - WebAssign
‣ Course information
  ‣ students pay directly for access to physics content
‣ Existing policies related to FERPA and student records (AD-11)
  ‣ “The following is a list of directory items that may be made available to the public regarding students of the University without their prior consent and is considered part of the public record of their attendance:”
‣ Confidentiality hold

Using Example 3 - PHEAA
‣ Current policies define what attributes, or combination of attributes, constitute a FERPA protected record
  ‣ AD-11 - University policy on confidentiality of student records
‣ Social Security Number
  ‣ AD-19 - Use of Penn State Identification and Social Security Number
  ‣ Requires special permission from Chief Privacy Officer

Summary of Process for Distributing Attributes
‣ Identify which attributes are “required” by service provider to complete transaction
‣ Work with appropriate people to verify attributes can be shared
  ‣ University affiliate, IdM administrators, Chief Privacy Officer, Data Stewards
‣ Shibboleth Identity provider admin creates attribute release policy
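The release decision that process ends in, written out as a small per-requester policy model over the deck's three examples. This is an added example, not code from the slides or from the Shibboleth project: the entity IDs, the attribute names, the `confidentialityHold` flag and the CPO-approval field are assumptions standing in for the IdP's local configuration.

```python
from dataclasses import dataclass

# AD-11 directory items are public unless the student has a confidentiality
# hold (FERPA opt-out). Which attributes are directory info is an assumption.
DIRECTORY_INFO = {"commonName", "surname", "givenName"}
# AD-19: release requires documented Chief Privacy Officer permission.
RESTRICTED = {"socialSecurityNumber"}

@dataclass(frozen=True)
class ReleasePolicy:
    required: frozenset         # attributes the SP needs to complete its transaction
    cpo_approved: bool = False  # CPO permission on file for RESTRICTED attributes

# One policy per service provider, taken from the deck's three examples.
# Entity IDs and attribute IDs are placeholders for the IdP's local names.
POLICIES = {
    "https://webassign.example/shibboleth": ReleasePolicy(frozenset({
        "eduPersonPrincipalName", "physicsCourse",
        "commonName", "surname", "givenName"})),
    "https://turnitin.example/shibboleth": ReleasePolicy(frozenset({
        "eduPersonPrincipalName", "eduPersonPrimaryAffiliation",
        "givenName", "surname"})),
    "https://pheaa.example/shibboleth": ReleasePolicy(frozenset({
        "eduPersonScopedAffiliation", "eduPersonAffiliation", "givenName",
        "surname", "dateOfBirth", "socialSecurityNumber"}), cpo_approved=True),
}

class ReleaseDenied(Exception):
    """The requester's policy names an attribute the rules do not permit."""

def release(requester: str, user: dict) -> dict:
    """Return the attributes of `user` that `requester` may receive (default deny)."""
    policy = POLICIES.get(requester)
    if policy is None:
        return {}  # unknown SP: release nothing
    hold = user.get("confidentialityHold") == "true"
    released = {}
    for attr in sorted(policy.required):
        if attr in RESTRICTED and not policy.cpo_approved:
            raise ReleaseDenied(f"{attr} for {requester} needs CPO approval (AD-19)")
        if hold and attr in DIRECTORY_INFO:
            continue  # student opted out of directory disclosure
        if attr in user:  # only release what the SP requires and the user has
            released[attr] = user[attr]
    return released
```

In a deployment these rules live in the IdP's attribute release policy; the model shows the shape of the decision: per requester, limited to the attributes the SP requires, and gated by the confidentiality hold and the AD-19 approval.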

Points to Ponder
‣ Confidentiality hold
‣ Leverage well established business rules
‣ Personal management of attribute release (Autograph)
‣ Third party policy
  ‣ Audits of TP security practices
  ‣ Addendums to contracts (mutual non-disclosure)

The On-Going Challenge
‣ Good tools exist but that’s not enough
‣ The only thing standing between these principles & practices and making a big difference with them is:
  ‣ developing the institutional will to constantly improve IdM
  ‣ creating a groundswell of epiphanies across the university

Questions?